VyOS(1.5 rolling) router VM, Cannot route traffic to internet, and host can only ping bridged port

General questions
1

this link is to a thread that seems to be around the 1.3.x release I am having the same sort of issue and would like to resolve it if possible before adding the two networks on the internal interfaces, I have tried the tips in this thread to the point of having nat source rules for both of the other interfaces,

The VyOS router has three interfaces: eth0 INTERNET(DHCP)
eth1 (192.168.7.1/24)
eth2 (192.168.9.1/24)
like the other person my eth0 is bridged with host, the router does have connectivity and can ping google, and when I had a server machine connected to one of the interfaces it could ping all 3 router interfaces, but the server did not have internet access, and the host machine has only ever been able to ping the interface it is bridged with. any suggestions would be much appreciated I will try and give more info when and where I can

2

this was the basic starting config, have since added some icmp firewall rules still getting same result,

set system host-name Router1

set system login user student

set system login user student authentication plaintext-password password

set system login banner pre-login “\n\nAuthorised Personel Only!\n\n\nUser Identification:\n\n”

set system login banner post-login “\n\nWelcome to Router1!\n\n”

set int ethernet eth3 address dhcp

set int ethernet eth3 desc INTERNET

set int ethernet eth4 address 192.168.7.1/24

set int ethernet eth4 desc WindowsNetwork

set int ethernet eth5 address 192.168.9.1/24

set int ethernet eth5 desc LinuxNetwork

set protocols static route 0.0.0.0/0 next-hop 192.168.1.1

set nat source rule 7 outbound-interface name eth3

set nat source rule 7 source address 192.168.7.0/24

set nat source rule 7 translation address masquerade

set nat source rule 9 outbound-interface name eth3

set nat source rule 9 source address 192.168.9.0/24

set nat source rule 9 translation address masquerade

3

image
image1082×1014 71.4 KB

4

Check routing table, arp entries, nat counters

show ip route
show arp
show nat source statistics

On host, you should also check routes

More tips:

  • traceroute from host might help.
  • sudo tcpdump -ni ethX → Check live traffic on desired interface. Do it on LAN and on WAN interface to see what is happening. You can also add some filter, for example to see only icmp sudo tcpdump -ni ethX icmp
5

the comment with the screenshot shows what the output is when sh ip route is issued on the router, sh nat in the conf prompt on the router shows the two nat rules created, host is running win10, vms through virtual box.

at the moment I have the router set with 3 interfaces, one bridged with host, one leading to a win 2022 server and one to a linux server, the host machine can ping the bridged router port but not the other two, the windows server and linux server can ping all 3 router interfaces and eachother but cant share the internet connection with the router, plan on adding a client machine to each network but want to sort out the internet issue and figure out why the host machine(win10) can only talk to the port its bridged with